Always Use Protection

Raymond Lodato writes "Where do I begin? Oh yes! If you are a teenager who uses computers, or the parent or guardian of a teenager who does, buy Always Use Protection, by Dan Appleman! Let me take a little time to explain why." Read on for the rest of Lodato's review.

Always Use Protection: A Teen's Guide to Safe Computing
author	Dan Appleman
pages	288
publisher	Apress
rating	10/10
reviewer	Raymond Lodato
ISBN	159059326X
summary	An excellent and realistic reference for teens and their parents/guardians about the potential hazards of computing.

Dan Appleman knows how to talk to teenagers. He's made the presentation very logical, he keeps the chapters a reasonable length so a teenager won't feel overwhelmed, and he had a crew of teenagers review this book before it was published so that he knew they would understand it. Those adults who aren't technically adept will find it an easy read, too.

Always Use Protection is broken up into three main parts: Protecting Your Machine, Protecting Your Privacy, and Protecting Yourself. There is a fourth part with useful appendixes, also.

Protecting Your Machine goes through all of the gremlins that can bother your computer, how to get rid of them and how to prevent them from coming back. Viruses, Trojan horse programs, and worms are covered clearly. Not too much depth involved, but not too little either. Dan covers the ins and outs of the three main preventive measures: anti-virus programs, firewalls, and system configuration and updates. He makes sure that his discussions relate to the types of programs that teenagers are likely to run: P2P software, online games, Instant Message clients, e-mail programs, and web browsers. He's careful to include other avenues of attack besides the Internet, such as infected floppies and CDs cut by well-meaning friends.

Always Use Protection explains how to determine which type of anti-virus programs are available and how to run them (using McAfee's VirusScan as an example), but puts the responsibility for deciding which one to use squarely in the reader's lap. Dan has made sure that he's not pushing any particular product over another. In fact, there were one or two places where I wished he'd just come right out and say I'd recommend blah-blah software, but he always said the reader should check the pros and cons of the possibilities and make their own decision.

Firewalls are discussed in detail, as well as their possibly unintended consequences (an online game refuses to run because a critical port is being blocked by the firewall, for example). He does state that if you're on a network behind a router, you may not need a firewall. This is my only disagreement with Dan. I believe a personal firewall should be on each and every machine, regardless of how it connects. It will protect not only the machine itself, but make it harder for the machine to attack others.

Software updates are probably one of the most under-utilized options in the home. News items in papers and on the web speak frequently about how such-and-such a virus got into machines mainly because security updates available from the manufacturer for months were simply not installed. Dan makes sure that the reader understands how shortsighted that approach really is. The updates are usually free, and just take a little time to download and install. Always Use Protection explains exactly how to do that and why it's a good thing.

The configuration chapter describes many little tweaks available to harden your browser and e-mail reader. Many people are not aware of the number of 'dials' they can play with (and if they were, they'd probably be overwhelmed), but this chapter zeroes in on the most important ones.

If this book was only chapter 9 - What to Do When You've Been Hit - it would still be worth the cover price. In this chapter, Dan gives a careful, step-by-step menu of what you can and should do to recover as much as you possibly can, eradicate the malware that is causing the problem, and get your system back to a usable state. It's the one chapter he says you shouldn't read front-to-back, but follow the links (if you see this, go to this section) like one of those make-your-own-ending books. I have this one bookmarked for future reference.

The next four chapters form Part II - Protecting Your Privacy. In here, Dan explains the various ways your personal information can be gleaned, mostly from a user innocently filling in a form supplied by a con artist. He talks about identity theft and what it means to a teenager. The need for good passwords is clearly discussed, but he acknowledges that most people won't use strong enough ones. Therefore, he promotes a simple plan with three passwords (high, medium, and low-security) that will work in most cases. He ends off this part with a good treatise on cookies of all forms, and how to turn off the worst ones.

Finally, he talks about protecting yourself in chat rooms and from common scams. While there is a lot of press about teenagers being lured by scoundrels in chat rooms, Dan notices that the actual statistics are very low. Regardless of the statistics, he gives extremely good advice about how to use a chat room safely (mostly involving lying about almost any bit of personal information you might be asked for).

The appendixes have good summary information for teens and adults, and have a special appendix just for the parents. It give good advice to make sure your teenager is willing to come to you for question without worrying about losing online privileges.

All in all, Always Use Protection should be read by every parent and, hopefully, by their kids. I'm going to try to get my 15- and 13-year old to read it (Good luck to me! You should have seen the arguments to get them to finish their summer reading!) I liked the approach, the content, and the presentation so well, I had to rate this a 10.

---

You can purchase Always use Protection: A Teen's Guide to Safe Computing from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

As the parent of two teens who do amazing things

[Sethseekstruth]

amazing in how they foul up thier computer, then go upstairs and foul up mine, and break the ibooks given them by the school, I will say this book is long overdue

Is your son a computer hacker?

[MonMotha]

I'm sorry, but I read this review and instantly thought of the imfamous "Is your son a computer hacker?" [adequacy.org] thing that we all know and love.

That's not to say that it's a bad book or the review is flawed, though some of the comments would tend to tell me that the reviewer isn't as "computer savvy" as I might like in a person reviewing a book. A properly configured border firewall, for example, will protect systems behind it. That says nothing of the duties of many of those "personal firewall" applications that are actually much more than firewalls (spam filters, scumware/spyware/adware scanner/filters, etc).

I just found it amusing that the adequacy.org article was the first thing I thought of when reading this review...

Re:Well...

[Anarke_Incarnate]

Her real name is Elizabeth Heller, from U of Wisconson (Madison campus) She made those videos for her boyfriend but cheated on him at a party. He found out and had all the videos put up on P2P sites. She's a cute chick, but cheaters deserve what they get. Last I heard she was living in CT.

As a teenager (14) who uses computers...

[Weirdofreak]

Is it really that useful given that I run Linux, don't use chatrooms, don't use P2P software, don't play games and have no friends who both run Linux and give me floppies or CDs (when it comes to it, none of my friends do either)?

Infected CDs?

[14erCleaner]

He's careful to include other avenues of attack besides the Internet, such as infected floppies and CDs cut by well-meaning friends.

Has anybody ever gotten a virus from an infected CD?

Re:Teenagers?

[Ignignot]

Is there a reason that this information is being aimed specifically at teenagers? I know an awful lot of adults that could use a good straighforward explaination of this material.

How about households with both parents working and the teenage child(ren) unsupervised from 3:00 - 6:00 pm after school? You don't think there is a reason for them specifically to learn about AV protection etc.? And while this book is aimed at teenagers, I'm sure it would be good for less computer literate adults.

Move back to DOS

[www.sorehands.com]

Lets force everyone to know DOS commands before using a computer. That way, they would know enough to maintain their own system.

One of the BBSs that I used to use, would allow us to drop into an MPM shell, but you would have to answer a questions, "what is the name of the debugger?"

stereotypes

[Anonymous Coward]

As a 15 year old, I resent the implication that teenagers aren't knowlegable. Even as I sit here, dist-upgrading my server farm through a dancer's shell, I can feel the network shuddering as spam is relayed through my parents two computers, out onto the internet. It would take me less than 30 seconds to find a windows box at school that is thoroughly compromised, and spamming / DDoS'ing something. It's not like we write the code that gets exploited..

Re:Do you remember being a teenager?

[Pope]

It was 1985 and I had a PCjr and a VIC20. Not a remote chance in hell I'd get bought a modem, let alone pay for the long distance charges. Security? Yeah, I was the only kid I knew with either kind of machine, my neighbour had a pair of Apple 2s.

Re:Well...

[LanMan04]

Incorrect...I remember when I first heard of these sometime in 2000, and I looked her up on the UW directory server (she still went there) and her last name was indeed Heoler or Hoeler or whatever the file was labeled, not Heller. I believe she lived in either Sellery or Ogg, maybe Witte (I used to go there). I also read an article that she was mobbed upon returning to school and had to move into a private dorm, and left school soon thereafter (I believe).

And for those of us not running Windows??

[talexb]

Funny, my 16 year-old stepson is using the Mandrake Linux installation I set up for him -- he can boot to Windows 98 to play games, but that's a vanilla installation, and not configured for networking. My LAN is protected by a dynamite router by NetGear -- the only port that responds is 22, and that goes to my Linux box. So really the only part of this book that's relevant is the part about identity theft.

Re:Is your son a computer hacker?

[Tyrdium]

*reads over said site*
I'm impressed that anyone could truly be that ignorant (and I do in-home tech work!). Are you sure it isn't meant as a joke? Quake as a hacker program... *snickers*

BSD, Lunix, Debian and Mandrake are all versions of an illegal hacker operation system, invented by a Soviet computer hacker named Linyos Torovoltos, before the Russians lost the Cold War. It is based on a program called "xenix", which was written by Microsoft for the US government. These programs are used by hackers to break into other people's computer systems to steal credit card numbers. They may also be used to break into people's stereos to steal their music, using the "mp3" program. Torovoltos is a notorious hacker, responsible for writing many hacker programs, such as "telnet", which is used by hackers to connect to machines on the internet without using a telephone.

Okay, now I'm thoroughly convinced it's a joke...

Online games and firewalls - Halo

[sheetsda]

Firewalls are discussed in detail, as well as their possibly unintended consequences (an online game refuses to run because a critical port is being blocked by the firewall, for example)

This reminded me of a recent disturbing incidedent at a LAN party I was hosting. We were playing Halo, behind my router, configured with a firewall and NAT; DMZ was off, one of my guests was hosting the server so no unintentional rule in the firewall would've been forwarding him traffic from the outside (he was also DHCPed, further reducing the likelyhood, AND I checked the rules later), we had set up no additional firewall rules to allow people on the internet to connect to the Halo server, to our surprize and my chagrin, people outside my router were able to connect to the server apparently being run inside my LAN, somehow bypassing my firewall. Everyone at my LAN party has a good bit of network and computer experience, but this left us scratching our heads. We had always assumed Halo did the standard client-server thing and waited for clients to connect to it on some port. To this day I'm still not quite sure how it happens; my best guess is Halo connects to some master server which instructs to connect to the client machines, or (more likely) clients connect to the master server and data flows through it on its way to the game server. Anyone know for sure how Halo's doing this?

When you've been hit

[Doctor O]

"Dan gives a careful, step-by-step menu of what you can and should do to recover as much as you possibly can, eradicate the malware that is causing the problem, and get your system back to a usable state"

The only way to a secure system after being hit is recovering your data, formatting the drive and reinstalling. If your machine has been compromised, there can *always* be other malware installed through the backdoors it opened. If the chapter is only about the above, without the reinstall part, it's not doing the readers much good.

what DOS will and won't do

[norminator]

Using DOS Commands teaches people a certain amount of stuff, but doesn't do much to help kids learn about avoiding the crap of the Internet. It is true that someone who has a working knowledge of DOS (or Linux CLI or whatever other unfriendly interface) is more likely to better respect the machine he/she is using, but that still doesn't help a person to know what is dangerous on the Internet and how to avoid it. I grew up on an Apple II+, moved on to DOS, then Windows 3.0 and up from there, but some of the stuff I was blindly downloading off the Internet 5 years ago would totally hose my computer if I was downloading it today. Most of the reason I learned to be more careful was working computer support at a university, where I saw other people screw up their computers. The best teacher is either going to be watching other people screw up, or screwing up yourself. The next best teacher is probably a book like this, if people will actually sit down and read it, and if the information in it is up to date and accurate.

Teens don't care

[niteice]

They don't. No person the age of 11-18 cares about computer security...yet they come to me when their PCs "don't work right".
I'm 13. I know how these people work. I've seen cases that belong on Computer Stupidities [rinkworks.com], like attempting to reconnect a mouse+keyboard and electrocuting themselves (bent pins). They have no idea about keeping their computers free of spy/adware. ("viruses"...) They expect their computers to work perfectly, or assume everything included in Windows XP will keep them free of virii/spyware/adware. I look at my classmates' home computers and they are destroyed to the point where a format/reinstall would be a quicker fix. These people don't think they are going to encounter the things discussed in the book and therefore don't bother with anything.

Re:Is your son a computer hacker?

[Anonymous Coward]

Wow, a whole new generation of Slashdotters who are unfamiliar with adequacy.org! I guess it's time for me to move on...Adequacy.org was a site set up by trolls. It is/was awesome, hilarious, sarcastic, and satirical all at the same time. The fact that people here are still taking it seriously is a testement to that. Hilarious. A whole thread of Slashbots wondering if Adequacy is a joke in the middle of 2004. Rofl! YHBT!

A few additional comments

[DanAppleman]

Just in response to some of the comments I've read so far:

Teen's don't care... Many don't. But they, like home users in general are have huge problems with regards to security. So what do we do? Just give up? We (and this includes all the knowledgeable teens) have to do what we can to improve the situation. This book is my contribution to the effort.

Better taught in person than from a book... I agree, but many parents don't know enough to teach security - their kids know more than they do. In those cases I actually suggest flipping it around: teens, teach your parents! I've met a number of teens who have thier security act together - more who just think they do:-)

Parents and grandparents are a better audience for the book... I've gotten some very nice emails from adults and seniors who find it very readable.

The title is a gimmick... Sure, but you'll remember it, right? Actually, the title was the idea of a group of teens. I never would have come up with it on my own.

For more info including the book's introductions visit http://www.alwaysuseprotection.com/ [alwaysuseprotection.com]

Re:Infected CDs?

[Geoffreyerffoeg]

Hey, interesting idea....huh? You didn't hear that.

(Actually, it could be argued that AutoRun copy-protection software on an audio CD may be a virus.)

Re:Infected CDs?

[Eccles]

I made a CD a while ago to back up some digital photos. When I copied them to a new computer, my virus checker reported that one of the JPGs was a virus in disguise.

(No, the other images weren't porn...)

Users and firewalls don't mix

[theblacksun]

The standard user can't use a firewall. They will end up screwing things up; I've seen it many times. They inevitably create a bad policy that breaks something, and I've seen instances where this bluescreened the machine. The firewall needs to be at central node and run by someone qualified, not on workstations. Unfortunately for the instances in which there is no central node (i.e. plugging a workstation right into a broadband connection) then I still say screw the firewall: Just stay on top of updates, and hope for the best. It's how we run our department and the hacks are few, far between, very rarely on a workstation, and always because the system is out of date. Well that's my $.02 anyway.